-1

Can I use Wireshark to see what websites are visited on my network? I'm just looking for the domain name, and not a full URL or any credentials. Would I need any additional tools such as sslstrip to see this? Would getting the DNS query be easier?

Thank you in advance for any help.

2 Answers

1

Your question doesn't specify where on the network you are capturing packets or what type of network, but I am going to assume from a regular computer on the network. If you are running Wireshark on your computer, you will typically only see traffic addressed to your network interface (unicast, multicast, or broadcast), unless you are somehow using a hub instead of a switch. This is either due to how switched networks work, or the way wireless cards work in managed mode.

In order to monitor the entire network, you have a few options:

  1. Run the packet capture from the gateway router so that all traffic to and from the network will be captured.
  2. Force other devices to send their traffic through another computer that performs the capture, perhaps using ARP spoofing.
  3. Configure all devices to use a proxy; perform logging/packet capture on the proxy.
  4. Sniff the wireless traffic using a wireless card in monitor mode.

David's answer points out some of the ways you could look for the domain name. An additional point is that HTTPS is also possible, since TLS traffic typically has an SNI header containing the domain name (unless the encrypted SNI extension is being used).

multithr3at3d
0

If you're using Wireshark to monitor local traffic, either directly from the interface or by loading up a previous capture (such as by tcpdump), you can configure Wireshark to try to resolve IP addresses for you. You'll need to go to the Name Resolution section and make sure that "Resolve network (IP) addresses" is checked. That's for inbound connections, and note that many IPs won't resolve, particularly if they are dynamically assigned (like from a cable router).

If you're talking about which site of potentially many a user is accessing on your local server, you'd have to examine the HTTP header in Wireshark, which probably isn't the best way to do this, and won't be possible if you're using HTTPS.